Win32/PSW.Delf.OAS [Threat Name]

Win32/PSW.Delf.OAS [Threat Variant Name]

Category: trojan
Size: 422400 B
Detection created: May 10, 2011
Detection database version: 6109
Aliases: Trojan-PSW.Win32.Agent.lqqy (Kaspersky)
  TrojanSpy:Win32/Skeeyah.A!rfn (Microsoft)
  Trojan.PWS.Stealer.origin (Dr.Web)
  PSW.Delf.KMR.trojan (AVG)

Short description

Win32/PSW.Delf.OAS is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • login user names for certain applications/services
  • login passwords for certain applications/services
  • FTP account information
  • e-mail accounts data

The following programs are affected:

  • &RQ
  • 32bit FTP
  • 888Poker
  • Absolute Poker
  • Advanced Dialer
  • AIM
  • AIM Pro
  • Becky! Internet Mail
  • BitKinex
  • BulletProof FTP Client
  • CakePoker
  • CamFrog
  • Cisco VPN Client
  • Classic FTP
  • CoffeeCup FTP
  • Core FTP
  • CuteFTP
  • Dialer Queen
  • Digsby
  • Directory Opus
  • Download Master
  • EType Dialer
  • Eudora
  • Excite Private Messenger
  • ExpanDrive
  • FAIM
  • FAR Manager
  • FFFTP
  • FileZilla
  • FlashFXP
  • FlashGet (JetCar)
  • FlexibleSoft Dialer
  • Fling FTP
  • Flock
  • Forte Agent
  • FreeCall
  • FreeFTP/DirectFTP
  • Frigate3
  • FTP Commander
  • FTP Control
  • FTP Explorer
  • FTP Rush
  • FTP Uploader
  • FullTiltPoker
  • GAIM
  • GetRight
  • Gizmo Project
  • Gmail Notifier
  • Google Chrome
  • Google Talk
  • GroupMail Free
  • ICQ
  • ICQ 2003
  • ICQ Lite
  • IM2 Instant Messenger
  • IncrediMail
  • Internet Download Accelerator
  • Internet Explorer
  • JAJC
  • LeapFTP
  • Mail Commander
  • Mail.Ru Agent
  • Miranda
  • Mozilla Browser
  • Mozilla Firefox
  • Mozilla Thunderbird
  • MSN Messenger
  • MuxaSoft Dialer
  • Myspace IM
  • NetDrive
  • Odigo Messenger
  • Opera
  • Outlook
  • Paltalk
  • Pandion
  • PartyPoker
  • PC Remote Control
  • Pidgin
  • PocoMail
  • PokerStars
  • POP Peeper
  • Psi
  • QIP
  • QIP.Online
  • Safari
  • Scribe
  • SeaMonkey
  • SecureFX
  • Sim-IM
  • SmartFTP
  • SoftX FTP Client
  • The Bat!
  • TitanPoker
  • Total Commander
  • Trillian
  • Trillian Astra
  • TurboFTP
  • UB Online Poker
  • Ultra FXP
  • VDialer
  • Vypress Auvis
  • Web Site Publisher
  • WebDrive
  • Windows Commander
  • Windows Credentials
  • Windows Live Mail
  • Windows Live Messenger
  • WinSCP
  • WinVNC
  • WS_FTP
  • Yahoo! Messenger

The trojan attempts to send gathered information to a remote machine. The HTTP protocol is used.

Other information

The trojan is a malicious extension (plugin) of Win32/TrojanDownloader.Zurgop.
